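Disabling authentication in OpenStack Swift

Time: 2017-01-15 17:07:39

Tags: linux openstack openstack-swift object-storage

I want everyone (unauthorized) to be able to store/read objects on my test Swift server. Is there a way to disable authentication? I have authorization for the following user (proxy-server.conf):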

[filter:tempauth]
use = egg:swift#tempauth
user_test_tester = testing .admin

But I want to give non-users the ability to make requests to my server.

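2 Answers:

Answer 0: (score: 1)

It depends on the type of requests you want to use and the auth middleware you are using. If you are using keystone, then you will not be able to use container-level permissions. You can set the container's permissions to public.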

curl -X POST -i \
   -H "X-Auth-Token: abcdeftoken" \
   -H "X-Container-Read: .r:*" \
   -H "X-Container-Write: .r:*" \
   http://swift.example.com/v1/AUTH_testing/container

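Answer 1: (score: 0)

You can configure the proxy server pipeline with no authentication middleware, tempauth, or keystoneauth. In the first solution, you do not need to provide any password. In the second solution, you can set users, groups and passwords in the configuration, and the last one contacts the keystone server for identification.

Example: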

[pipeline:main]
### no pass
# pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk tempurl ratelimit copy container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

### tempauth
# pipeline = catch_errors gatekeeper healthcheck proxy-logging cache listing_formats container_sync bulk tempurl ratelimit tempauth copy container-quotas account-quotas slo dlo versioned_writes symlink proxy-logging proxy-server

### keystoneauth
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server


[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user

# https://docs.openstack.org/keystonemiddleware/latest/middlewarearchitecture.html
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
# change this
password = SWIFT_PASS
delay_auth_decision = True
log_level = debug
service_token_roles_required = True

[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_test5_tester5 = testing5 service
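
Added example (not part of either answer above): a small Python audit that reads a proxy-server.conf and reports which of the three pipeline variants shown in the second answer is active, so an auth-less test pipeline is caught before it ends up on a reachable host. The function name `audit_proxy_conf`, the finding strings and the sample input are assumptions made for this illustration.

```python
import configparser

AUTH_FILTERS = ("tempauth", "keystoneauth")
# tempauth keys that appear in the sample configuration on this page.
SAMPLE_KEYS = {"admin", "testing", "testing2", "testing3", "testing5"}

# Constructed sample input: a proxy-server.conf whose active pipeline has no auth filter.
SAMPLE_CONF = """\
[pipeline:main]
# pipeline = catch_errors cache tempauth proxy-server
pipeline = catch_errors gatekeeper healthcheck cache proxy-server

[filter:tempauth]
use = egg:swift#tempauth
user_test_tester = testing .admin
"""


def audit_proxy_conf(text):
    """Return findings about the auth setup of a proxy-server.conf (hypothetical helper)."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    pipeline = cp.get("pipeline:main", "pipeline").split()
    findings = []
    if not any(f in pipeline for f in AUTH_FILTERS):
        findings.append("no-auth: pipeline has no tempauth or keystoneauth filter")
    if "keystoneauth" in pipeline:
        if "authtoken" not in pipeline:
            findings.append("keystoneauth: authtoken is missing from the pipeline")
        elif pipeline.index("authtoken") > pipeline.index("keystoneauth"):
            findings.append("keystoneauth: authtoken must come before keystoneauth")
    if "tempauth" in pipeline and cp.has_section("filter:tempauth"):
        for name, value in cp.items("filter:tempauth"):
            fields = value.split()
            # tempauth user lines read: user_<account>_<user> = <key> [group ...]
            if name.startswith("user_") and fields and fields[0] in SAMPLE_KEYS:
                findings.append(f"tempauth: {name} uses a sample key")
    return findings


if __name__ == "__main__":
    for finding in audit_proxy_conf(SAMPLE_CONF):
        print(finding)
```

An empty list means the active pipeline has an auth filter, authtoken ahead of keystoneauth where used, and no tempauth user with one of the sample keys.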